You started developing Tresorit long before the Snowden scandal. Why did you think an encrypted cloud storage option is necessary? How did you come up with the idea?
There weren’t too many cloud storage providers back in 2011 when we started; even Dropbox was hardly known. And I wasn’t satisfied with the privacy in existing solutions. Everyone in the security community assumed that governmental agencies would not pass on such a rich source of information. The Snowden revelations only confirmed what we already knew pre-Snowden and helped the public to understand the gravity of the security flaws in the cloud services they were using.
What were the first files you shared encrypted with Tresorit?
When we founded Tresorit, we were still students. When the Beta was ready, most of us were still graduating. Thus, we had the chance to test and improve Tresorit by sharing our university files and personal data.
Today, more and more data is end-to-end encrypted. Do you think that this is a trend that will continue? What needs to happen so that end-to-end encryption will be used not just by the privacy-oriented, but by the masses?
US intelligence recently complained that since the Snowden scandal, encryption available to the public had developed way faster than expected, making their life harder. To me, that means we’re on the right track.
I believe that the ease of use is the key to keeping this movement going. A lot of seemingly very basic features are way harder to build when you protect them with end-to-end encryption, but more and more tech companies understand that walking this extra mile is necessary. Developers need to make sure all the encryption magic happens in the background without extra work for users. It’s a challenge, but there are several great examples that it’s possible.
At the same time, it’s also important that there are solutions for developers to integrate encryption into their apps easily. We are working on both fronts, providing a ready-to-use cloud storage app for our users and an encryption kit called ZeroKit for app developers who are not cryptography experts.
Tresorit mainly targets business customers. Where are your main markets?
Encryption solves a lot of the challenges small businesses are facing. We have customers from all over the world, but we’re most successful in Western Europe and North America. Small businesses are attractive hacker targets and must comply with many privacy regulations to protect their clients and staff. Particularly in the German-speaking countries. We want to help them achieve that even with the limited resources of a small company.
Why do you think that is? And how to you plan to grow in other regions?
Many people in the US don’t trust their government, and European businesses don’t trust US authorities either. This helps secure alternatives from Europe, like ours. We don’t need to educate people about encryption anymore, recent mega-hacks and surveillance scandals are doing this job for us. To promote the use of Tresorit by businesses from all over the world, we are constantly developing our product, gradually adding more languages and building scalable processes for our account management and support teams.
Why do you think more and more secure online services like Tresorit and Tutanota are based in Europe?
The need for privacy is deeply rooted in many European cultures, regulations are more in favor of protecting user data, and we also have a lot of encryption talent here. In fact, some important cryptography innovations like AES came from European scientists.
Does it matter where a service is based when all data is end-to-end encrypted?
In theory, we could use the servers of the NSA, and they wouldn’t be able to access the information in your files. With end-to-end encryption, the physical location of encrypted data becomes less relevant than the logical location, which is where the file gets decrypted. But, most laws and regulations aren’t clear about this yet. And there’s meta-data of users that must be handled carefully, too. Therefore, it is reasonable, that businesses and enterprises prefer on premise solutions or data centers in Europe. But even they must find data management solutions for their mobile workforce, and end-to-end encrypted apps can help with that.
From your point of view: How would the ideal internet look like?
It would be end-to-end encrypted instead of being a patchwork of independent encryption and decryption operations that create a lot of gaps attackers can abuse. There wouldn’t be any backdoors for providers or authorities to snoop on your data. Privacy policies would be easy to understand, in favor of the user, and more transparent. Personal data wouldn’t be a currency.
Will that be achievable in the future?
We’re working on it and contribute everything we can to this cause. There are a lot of fantastic tech companies and organizations with a similar vision that we are talking to, collaborate, or share expertise with. There’s a lot more to be done, but I believe we’re on the right path.
About Istvan Lam
Istvan Lam is the CEO and co-inventor of Tresorit’s encryption technology. As a student, cryptography expert Istvan Lam was so unsatisfied with the security level of the available cloud storage services that he and some university friends started developing their own encryption technology and founded the company Tresorit. Today, thanks to its end-to-end encryption and Swiss Data Protection, Tresorit is known as one of the most secure providers on the market of storing files and collaborating in the cloud. Istvan Lam was recently listed as one of the most promising European tech talents in Forbes Magazine’s “30 under 30”.